Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

studiocms — Vulnerabilities & Security Advisories 7

All 7 CVE vulnerabilities found in studiocms, with AI-generated Chinese analysis, references, and POCs.

Vendor: withstudiocms

CVE IDTitleCVSSSeverityPublished
CVE-2026-32638 StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens CWE-639 2.7 Low2026-03-18
CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings CWE-639 5.4 Medium2026-03-11
CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts CWE-269 4.7 Medium2026-03-11
CVE-2026-32103 StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation CWE-639 6.8 Medium2026-03-11
CVE-2026-30945 StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service CWE-639 7.1 High2026-03-10
CVE-2026-30944 StudioCMS Affected by Privilege Escalation via Insecure API Token Generation CWE-639 8.8 High2026-03-10
CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key CWE-639 6.5 Medium2026-01-27

All 7 known CVE vulnerabilities affecting studiocms with full Chinese analysis, references, and POCs where available.